Senior Cybersecurity Compliance Analyst

At HP, talent is our criteria. Join us in reinventing the standard for diversity and inclusion. Bring your awesomeness, and just be you!

The Hewlett-Packard Cybersecurity Compliance Officer is responsible for testing, documenting, evaluating, managing cybersecurity compliance of system used throughout Hewlett-Packard to achieve security requirements and business effectiveness. The position requires collaboration with internal and external audit and examining teams, business and Information Technology management, consultants, and other stakeholders to ensure compliance deliverables are met. Routinely exercises independent judgment in developing methods, techniques and criteria for achieving objectives. Develops strategy and sets functional policy and direction. Acts as a functional manager within area of expertise but does not manage other employees as a primary job function.

Responsibilities:

  • Leads the management and proactive monitoring of Hewlett-Packard security vulnerabilities, threats and/or issues including current issue resolution, vulnerability/threat analysis and/or prevention, and security research and querying relative to current issues and/or impending threats.
  • Monitor Hewlett-Packard Cybersecurity and Information Technology instrumentation baseline measurement to ensure deviation levels accurately identify Cybersecurity risk.
  • Partner with Cybersecurity Operations and Architecture teams to create and sustain compliance measures.
  • Partner with Information Technology and business teams to instrument compliance monitoring procedures for consistent and simple risk identification
  • Develop and enhance Cybersecurity dashboards to highlight current security posture and identify compliance trends
  • Leads and is primarily responsible for the resolution of Hewlett-Packard security issues, sources strategic technical guidance from applicable security SMEs, and interfaces with internal stakeholders when necessary.
  • Monitors and analyzes data from advanced security technologies: Threat and Vulnerability Management (TVM), SIEM (ArcSight), Firewalls, IPS, Endpoint Detect and Respond (EDR), Endpoint Threat Management (EPTM), or other security related solutions to identify compliance deviations.
  • Leads others in and is primarily responsible for the development, enhancement, organization, and maintenance of Hewlett-Packard's security solutions.
  • Owns partnership with system and process owners to resolve Hewlett-Packard security issues related to compliance deviations and documenting deviations across all Hewlett-Packard business and Information Technology teams.
  • Recommends and coordinates the development, enhancement, organization, and maintenance of a Hewlett-Packard's security solutions, including research and security system analysis. Contributes to Hewlett-Packard's compliance improvement by aggregating and incorporating the analyses/outputs of security professionals into governance and procedural updates.
  • Work with Hewlett-Packard internal partners, vendors, and service providers to govern service delivery and processes in compliance and adherence to applicable laws, industry and regulatory requirements, as well as Hewlett-Packard Cybersecurity policies and standards.
  • Secondary responsibilities: Manage Cybersecurity financial coordination
  • Partner with Cybersecurity leadership to ensure budget is detailed for compliance engagements and communicated across Cybersecurity and to Hewlett-Packard Finance.
  • Assist in managing personnel forecast.
  • Partner with Hewlett-Packard Information Technology Central Software to forecast solution license needs and growth.
  • Assist on negotiations with service provides in partnership with Global Procurement and Information Technology teams.
  • Moderate complexity
  • Medium/ high risk


Education and Experience Required:

Bachelor's degree required, preferably in computer science, engineering or related area of study, or equivalent experience.
Technical Cyber Security Certification through one of the recognized bodies preferred: SANS, ISACA, (ICS)2, CompTIA, Cisco, CERT etc., or achieve certification within an agreed-upon timeframe after hire.

Preferred certifications: CISSP, CISM or CISA.
Typically 8+ years of relevant experience.

Knowledge and Skills:

  • Excellent interpersonal, written, and oral communication skills
  • Extensive Cybersecurity and regulatory governance and Information Technology security knowledge.
    Extensive security system and data analysis skills.
    Extensive understanding of security standards and best practices.
  • Extensive understanding of Cyber and Information Technology security risks, threats and prevention measures.
    Extensive risk assessment and management skills.
    Extensive data understanding of network monitoring and protocols.
  • Extensive understanding of one or more of the following:
  • Off-the-shelf vulnerability assessment products and tools.
  • Network security devices (firewalls, proxies, NIDS/NIPS, etc.).
  • Platform and application-layer penetration testing techniques.
  • Adversary techniques, tactics, and protocols and related countermeasures.
  • Dynamic and static malware analysis techniques.
  • Network security monitoring.


#LI-POST


Back to top